About authentication to GitHub
To keep your account secure, you must authenticate before you can access certain resources on GitHub Enterprise Server. When you authenticate to GitHub Enterprise Server, you supply or confirm credentials that are unique to you to prove that you are exactly who you declare to be.
You can access your resources in GitHub Enterprise Server in a variety of ways: in the browser, via GitHub Desktop or another desktop application, with the API, or via the command line. Each way of accessing GitHub Enterprise Server supports different modes of authentication.
- Username and password with two-factor authentication
- Personal access token
- SSH key
Authenticating in your browser
You can authenticate to GitHub Enterprise Server in your browser in different ways.
- Username and password only
- You'll create a password when you create your user account on GitHub Enterprise Server. We recommend that you use a password manager to generate a random and unique password. For more information, see "Creating a strong password."
- Two-factor authentication (2FA) (recommended)
- If you enable 2FA, we'll also prompt you to provide a code that's generated by an application on your mobile device or sent as a text message (SMS) after you successfully enter your username and password. For more information, see "Accessing GitHub using two-factor authentication."
- In addition to authentication with a mobile application or a text message, you can optionally add a secondary method of authentication with a security key using WebAuthn. For more information, see "Configuring two-factor authentication using a security key."
Authenticating with GitHub Desktop
You can authenticate with GitHub Desktop using your browser. For more information, see "Authenticating to GitHub."
Authenticating with the API
You can authenticate with the API in different ways.
- Personal access tokens
- In limited situations, such as testing, you can use a personal access token to access the API. Using a personal access token enables you to revoke access at any time. For more information, see "Creating a personal access token."
- Web application flow
- For OAuth Apps in production, you should authenticate using the web application flow. For more information, see "Authorizing OAuth Apps."
- GitHub Apps
- For GitHub Apps in production, you should authenticate on behalf of the app installation. For more information, see "Authenticating with GitHub Apps."
Authenticating with the command line
You can access repositories on GitHub Enterprise Server from the command line in two ways, HTTPS and SSH, and both have a different way of authenticating. The method of authenticating is determined based on whether you choose an HTTPS or SSH remote URL when you clone the repository. For more information about which way to access, see "About remote repositories."
HTTPS
You can work with all repositories on GitHub Enterprise Server over HTTPS, even if you are behind a firewall or proxy.
If you authenticate with CLI de GitHub, you can either authenticate with a personal access token or via the web browser. For more information about authenticating with CLI de GitHub, see gh auth login
.
If you authenticate without CLI de GitHub, you must authenticate with a personal access token. Cuando Git pide tu contraseña, ingresa tu token de acceso personal (PAT) en su lugar. Se ha eliminado la autenticación con contraseña para Git y es más seguro utilizar un PAT. Para obtener más información, consulta la sección "Crear un token de acceso personal". Every time you use Git to authenticate with GitHub Enterprise Server, you'll be prompted to enter your credentials to authenticate with GitHub Enterprise Server, unless you cache them a credential helper.
SSH
You can work with all repositories on GitHub Enterprise Server over SSH, although firewalls and proxies might refuse to allow SSH connections.
If you authenticate with CLI de GitHub, the CLI will find SSH public keys on your machine and will prompt you to select one for upload. If CLI de GitHub does not find a SSH public key for upload, it can generate a new SSH public/private keypair and upload the public key to your account on tu instancia de GitHub Enterprise Server. Then, you can either authenticate with a personal access token or via the web browser. For more information about authenticating with CLI de GitHub, see gh auth login
.
If you authenticate without CLI de GitHub, you will need to generate an SSH public/private keypair on your local machine and add the public key to your account on tu instancia de GitHub Enterprise Server. For more information, see "Generating a new SSH key and adding it to the ssh-agent." Every time you use Git to authenticate with GitHub Enterprise Server, you'll be prompted to enter your SSH key passphrase, unless you've stored the key.